[FFmpeg-cvslog] bink: Bound check the quantization matrix.
Luca Barbato
git at videolan.org
Wed Sep 25 23:34:51 CEST 2013
ffmpeg | branch: release/0.10 | Luca Barbato <lu_zero at gentoo.org> | Sun Aug 4 18:48:20 2013 +0200| [9c779b5dd0e8ce296aa2125877c8276775b8423e] | committer: Sean McGovern
bink: Bound check the quantization matrix.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 9991298f2c4d9022ad56057f15d037e18d454157)
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9c779b5dd0e8ce296aa2125877c8276775b8423e
---
libavcodec/bink.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/bink.c b/libavcodec/bink.c
index f38c030..47fcc81 100644
--- a/libavcodec/bink.c
+++ b/libavcodec/bink.c
@@ -675,6 +675,9 @@ static int read_dct_coeffs(GetBitContext *gb, int32_t block[64], const uint8_t *
quant_idx = q;
}
+ if (quant_idx >= 16)
+ return AVERROR_INVALIDDATA;
+
quant = quant_matrices[quant_idx];
block[0] = (block[0] * quant[0]) >> 11;
More information about the ffmpeg-cvslog
mailing list